Passwords are used for user authentication in traditional password verification processes. Every time a password is input, a risk exists of a leakage, such as through activities of malware (for example, a keylogger Trojan) or a physical viewing of the password as it is entered. The use of biometric features (such as, fingerprints, retinal patterns, voice patterns, or facial patterns) can provide a higher level of security. For example, online payment systems can be implemented to use fingerprint verification, which can improve user experience and enhance payment security.
In conventional online fingerprint verification processes, a client can send a user's fingerprint data, such as in the form of a fingerprint image or fingerprint characteristic data, to a server. The server can compare stored fingerprint data of the user with the received fingerprint data to complete verification. Because the fingerprint data needs to be transmitted to the server, a risk of leaking the fingerprint data can also exist. Leaked fingerprint data could result in problems for a user, such as security breaches, theft of monetary resources, and reputational damage. Moreover, since the fingerprint data is private data, the user may not agree to the uploading of the fingerprint data. Even if the user agrees to upload the fingerprint data, network traffic needs to be consumed during data upload. The server may also need to compare the fingerprint data, thus consuming additional computing resources and storage resources.